Cryptology ePrint Archive: Report 2016/843

Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and Bilinear Maps

Shuichi Katsumata and Shota Yamada

Abstract: In this paper, we present new adaptively secure identity-based encryption (IBE) schemes. One of the distinguishing property of the schemes is that it achieves shorter public parameters than previous schemes. Both of our schemes follow the general framework presented in the recent IBE scheme of Yamada (Eurocrypt 2016), employed with novel techniques tailored to meet the underlying algebraic structure to overcome the difficulties arising in our specific setting. Specifically, we obtain the following:

- Our first scheme is proven secure under the ring learning with errors (RLWE) assumption and achieves the best asymptotic space efficiency among existing schemes from the same assumption. The main technical contribution is in our new security proof that exploits the ring structure in a crucial way. Our technique allows us to greatly weaken the underlying hardness assumption (e.g., we assume the hardness of RLWE with a fixed polynomial approximation factor whereas Yamada's scheme requires a super-polynomial approximation factor) while improving the overall efficiency.

- Our second IBE scheme is constructed on bilinear maps and is secure under the $3$-computational bilinear Diffie-Hellman exponent assumption. This is the first IBE scheme based on the hardness of a computational/search problem, rather than a decisional problem such as DDH and DLIN on bilinear maps with sub-linear public parameter size.

Category / Keywords: public-key cryptography / Ring LWE, Bilinear Maps, Identity-Based Encryption, Adaptive Security

Original Publication (with major differences): IACR-ASIACRYPT-2016

Date: received 31 Aug 2016, last revised 12 Jan 2017

Contact author: yamada-shota at aist go jp

Available format(s): PDF | BibTeX Citation

Version: 20170112:114809 (All versions of this report)

Short URL: ia.cr/2016/843

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]